[ic] {OT} hardening SSL without rejecting users
Jon Jensen
jon at endpoint.com
Tue Apr 27 14:54:07 UTC 2010
On Mon, 26 Apr 2010, Grant wrote:
> I've been advised to harden my SSL in the following ways:
>
> 1. disable SSL 2.0
> 2. disable use of SSL ciphers which offer either weak or no encryption
> 3. disable anonymous SSL ciphers
>
> Will some website users not be able to use https if I do this?
Should be fine. That's all been good practice for years now.
A good Apache mod_ssl configuration to achieve that is:
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
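A way to check what a cipher string like the one above actually enables, as an added example that is not part of Jon's reply or any End Point code. Apache's SSLCipherSuite value is handed straight to OpenSSL, so Python's ssl module parses it identically and can list the resulting suites offline. The script audits Jon's 2010 string and a tightened variant (MODERN_CIPHERS, the editor's assumption, not from the post) that uses the aNULL alias, which covers every anonymous key exchange, where !ADH only names the DH-anonymous family; the TLS 1.2 floor is likewise a present-day choice the post did not make (it only dropped SSLv2).

```python
import ssl

# Jon's SSLCipherSuite value, verbatim from the reply above.
HARDENED_CIPHERS = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP"

# Editor's tightened variant (assumption, not from the post): aNULL covers all
# anonymous key exchanges, eNULL all null-encryption suites.
MODERN_CIPHERS = "ALL:!aNULL:!eNULL:!EXP:!LOW"


def build_context(cipher_string, floor=ssl.TLSVersion.TLSv1_2):
    """Server context for the given cipher string. The 2010 advice disabled
    SSLv2 only; the TLS 1.2 floor is a modern choice made here (assumption)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = floor
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def weakness(cipher):
    """Return why a suite fails the three hardening points, or None if it passes.
    'description' is OpenSSL's SSL_CIPHER_description() line, e.g.
    'ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1'."""
    desc = cipher["description"]
    if "Au=None" in desc:
        return "anonymous"        # no server authentication: trivially MITM-able
    if "Enc=None" in desc:
        return "null-encryption"  # no confidentiality at all
    if cipher["strength_bits"] < 112:
        return "low-strength"     # export/LOW grade keys
    return None


def audit(cipher_string, floor=ssl.TLSVersion.TLSv1_2):
    """Return (enabled suite names, {name: reason} for suites that fail)."""
    ctx = build_context(cipher_string, floor)
    enabled = ctx.get_ciphers()  # list of dicts: name, protocol, description, ...
    names = [c["name"] for c in enabled]
    flagged = {c["name"]: weakness(c) for c in enabled if weakness(c)}
    return names, flagged


def protocol_floor(ctx):
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


if __name__ == "__main__":
    for label, spec in (("2010 string", HARDENED_CIPHERS), ("modern", MODERN_CIPHERS)):
        names, flagged = audit(spec)
        print(f"{label}: {len(names)} suites enabled, {len(flagged)} flagged")
        for name, reason in flagged.items():
            print(f"  {name}: {reason}")
```

Run it against any candidate string before deploying it; the flagged list is empty for the modern variant on current OpenSSL builds, while the 2010 string depends on the library's security level to keep elliptic-curve anonymous suites out.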